SAN MATEO (03/13/2000) - The bulk of overhead associated with e-commerce transactions comes by way of the encryption and decryption of SSL (Secure Sockets Layer) data, a process that can quickly bring server performance to its knees under heavy traffic conditions.
Intel Corp.'s NetStructure 7110 e-Commerce Accelerator, one of a new breed of networking products born from Intel's recent acquisition of IPivot, offers a cost-effective alternative to purchasing and maintaining new server hardware to manage the workload.
Installed between the incoming router and your servers, the Accelerator acts as an intermediary, intercepting and decrypting SSL transactions and forwarding the unencrypted data to the servers for processing. This frees up server-side CPU cycles for more important tasks, such as completing the sale.
This agnostic solution works with all major commercial Web servers, hardware, and operating systems, requiring no additional hardware or software for implementation. And, because it's not limited to SHTTP (Secure HTTP) requests, the Accelerator's performance advantages are extended to any SSL traffic, including secure directory access and e-mail.
Thanks to easy drop-in installation, support for most popular encryption algorithms (including RSA, DSA, and triple-DES), and fail-over capabilities that eliminate any single point of failure, the NetStructure Accelerator is a very good choice for companies looking to speed up e-commerce transactions and other secure processes.
However, because the Accelerator supports a limited number of concurrent transactions, it is best suited to midsize e-commerce initiatives or small to midsize corporate extranets. For high-volume sites requiring traffic management and load balancing as well as SSL encryption and decryption, Intel offers the NetStructure 7180 e-Commerce Director.
The Accelerator packs dual 10/100Mbps Ethernet network interface cards with RJ45 connectors, serial ports for console-based administration, and a rather rudimentary LED display that indicates unit and network conditions.
I had the unit out of the box, configured, and online in less than half an hour. In addition to installing and mapping the security certificate, setup involved tuning the Accelerator's static port routing and connecting the network cables.
The Accelerator provides solid fault tolerance through failure and bypass modes, and units can be daisy-chained, allowing traffic to cascade from one to the next whenever the preceding unit's processing capacity has been exceeded.
This serial cascade continues down the line until all Accelerators have been deluged, at which point traffic falls back to the server for processing, and it's time to rethink your topology.
I put the Accelerator to the test on a busy e-commerce site and monitored performance using in-house tools. Once the Accelerator was connected, the availability of processing resources on the attached server farm increased by 62 percent, and transaction throughput improved by 45 percent.
Unfortunately, only one unit was provided for testing, and the lone Accelerator's capacities were taxed quickly, requiring the end-servers to pick up the slack.
The optimum number of Accelerators for your e-commerce framework will depend on factors such as traffic volume, server capacity, and percentage of traffic containing SSL sessions. Based on each Accelerator's processing capacity of approximately 200 connections per second, I calculated that I could take advantage of three Accelerators before exceeding the capacities of the network.
In the event of failure, the Accelerator can take itself offline, allowing traffic to pass through to the next inline unit. And, for nonsecure traffic, the Accelerator simply acts as an Ethernet switch, passing clear traffic through for processing with minimal delay.
Accelerator's IP-less design prevents remote, Web-based administration and makes centralized management, with tools such as Unicenter and Tivoli, difficult. You could facilitate remote management by connecting a modem or terminal server to the console port, but with several Accelerators strung together, and no cross-management capabilities between them, this work-around would introduce cost and security concerns.
Nevertheless, by plugging in to the console port, I gained access to statistics on CPU utilization, traffic load, and connection frequency that would serve as good performance indicators in helping assess future infrastructure improvements.
The NetStructure Accelerator is a no-frills, drop-in solution to the problem of increasing the responsiveness and traffic-handling capabilities of an e-commerce site or secure extranet. Although it could benefit from remote administration capabilities, it presents a more cost-effective alternative to implementing redundant server hardware.
James R. Borck (firstname.lastname@example.org) appears frequently in InfoWorld and is director of IS at Industrial Art & Science, in Connecticut.
THE BOTTOM LINE: VERY GOOD
NetStructure 7110 e-Commerce AcceleratorBusiness Case: By handling the encryption and decryption of SSL transactions, NetStructure Accelerator augments your existing infrastructure to support higher transaction volumes and improve site responsiveness.
Technology Case: NetStructure's transparent, drop-in design makes for flexible integration into existing topologies without any reconfiguring. Its capability of adding new units as traffic loads dictate means easy scalability.
+ Improves server availability
+ Requires no additional hardware or software+ Cost-effective alternative to traditional hardware+ Easily set up and configured in minutesCons:
- Poor administrative access
- No load balancing or traffic management- No remote error notificationCost: $12,995Platform(s): AllIntel Corp., San Diego; (800) 529-3373 www.intel.com/network.